Subject: |
Re: Making releases |
From: |
[email protected] (Alan K Biocca) |
Date: |
Fri, 10 Feb 95 16:00:22 PST |
Bob:
I suggest we use pgp encryption for releases. Pass phrases can be handled
over the landline or some other reasonably secure medium. We can select
one pass-phrase per release or one per year to make it easier. Only the
1-2 people per site who actually get and install releases need to know
this access key.
Pgp is available from MIT free of charge for all US based sites.
If a release is tarred up and then encrypted it is one easy pass
to decrypt before detarring.
This technology also allows digital signing of releases so they cannot
be altered without detection. This provides another layer of protection
against errors in transmission.
Since the pass phrase never traverses the net it should be adequately
secure. Even someone on the inside would have a difficult time getting
to it unless they can pervert your local copy of the pgp binary, and you
can check for that. Besides, if they can get on your machine they can
read your decrypted source tree anyway.
--Alan
- Navigate by Date:
- Prev:
Re: Making releases 415
- Next:
Re: Making releases Noboru Yamamoto
- Index:
1994
<1995>
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: Making releases 415
- Next:
Re: Making releases Noboru Yamamoto
- Index:
1994
<1995>
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|